Cisco ASA 5505 User Manual
Page 1927
C-29
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
Use-Client-Address
Y
17
Boolean Single
0 = Disabled
1 = Enabled
PPTP-Encryption
Y
20
Integer
Single
Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Required
15= 40/128-Encr/Stateless-Req
L2TP-Encryption
Y
21
Integer
Single
Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Req
15= 40/128-Encr/Stateless-Req
Group-Policy
Y
Y
25
String
Single
Sets the group policy for the
remote access VPN session. For
versions 8.2 and later, use this
attribute instead of
IETF-Radius-Class. You can
use one of the three following
formats:
•
group policy name
•
OU=group policy name
•
OU=group policy name;
IPsec-Split-Tunnel-List
Y
Y
Y
27
String
Single
Specifies the name of the
network/access list that
describes the split tunnel
inclusion list.
IPsec-Default-Domain
Y
Y
Y
28
String
Single
Specifies the single default
domain name to send to the
client (1-255 characters).
IPsec-Split-DNS-Names
Y
Y
Y
29
String
Single
Specifies the list of secondary
domain names to send to the
client (1-255 characters).
IPsec-Tunnel-Type
Y
Y
Y
30
Integer
Single
1 = LAN-to-LAN
2 = Remote access
IPsec-Mode-Config
Y
Y
Y
31
Boolean Single
0 = Disabled
1 = Enabled
IPsec-User-Group-Lock
Y
33
Boolean Single
0 = Disabled
1 = Enabled
Table C-7
ASA Supported RADIUS Attributes and Values (continued)
Attribute Name
VPN
3000
ASA
PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued
Description or Value